Hostname: page-component-78c5997874-mlc7c Total loading time: 0 Render date: 2024-11-04T18:32:24.276Z Has data issue: false hasContentIssue false
  • English
  • Français

Data Protection Commissioner v. Facebook Ireland Ltd. and Maximillian Schrems (C.J.E.U.)

Published online by Cambridge University Press:  21 January 2021

Michael S. Aktipis  and
Ron B. Katwan
Michael S. Aktipis
Affiliation:
Dr. Michael S. Aktipis is an Attorney-Adviser in the Office of the Legal Adviser at the U.S. Department of State and Dr. Ron B. Katwan is Legal Adviser to the U.S. Mission to the European Union. The views expressed herein are made in the authors' personal capacities and in no way reflect the position of the U.S. government, the U.S. Mission to the European Union, or the Office of the Legal Adviser.
Ron B. Katwan
Affiliation:
Dr. Michael S. Aktipis is an Attorney-Adviser in the Office of the Legal Adviser at the U.S. Department of State and Dr. Ron B. Katwan is Legal Adviser to the U.S. Mission to the European Union. The views expressed herein are made in the authors' personal capacities and in no way reflect the position of the U.S. government, the U.S. Mission to the European Union, or the Office of the Legal Adviser.
Get access Rights & Permissions [Opens in a new window]

Extract

On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its ruling in Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems, commonly known as Schrems II, invalidating the EU–U.S. Privacy Shield as a valid transfer mechanism under the EU's General Data Protection Regulation (GDPR) and creating significant legal uncertainty for the continued availability of another widely used transfer mechanism, Standard Contractual Clauses (SCCs), for transfers of EU personal data from commercial entities in the EU to the United States. The widely anticipated ruling marked the second time in five years that the CJEU had invalidated the legal foundation for such data transfers, which in both cases had been the result of a carefully negotiated compromise balancing European data privacy concerns with statutory and constitutional limitations of the U.S. system (see Schrems I).

Type
International Legal Documents
Information
International Legal Materials , Volume 60 , Issue 1 , February 2021 , pp. 53 - 98
Copyright
Copyright © American Society of International Law 2021

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

ENDNOTES

1 Case C-311/18, Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems, ECLI:EU:C:2020:559 (July 16, 2020), http://curia.europa.eu/juris/liste.jsf?num=C-311/18.

2 Regulation 2016/679/EU of the European Parliament and of the Council of Apr. 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, 2016 O.J. (L119) 1.

3 Case C-362/14, Maximilian Schrems v. Data Protection Commissioner, ECLI:EU:C:2015:650 (Oct. 6, 2015), http://curia.europa.eu/juris/liste.jsf?num=C-362/14.

4 Directive 95/46/EC, of the European Parliament and of the Council of Oct. 24, 1995 on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Data, 1995 O.J. (L 281).

5 Convention for the Protection of Human Rights and Fundamental Freedoms, Nov. 4, 1950, Europ.T.S. No. 5; 213 U.N.T.S. 221

6 Commission Decision 2000/520/EC, 2000 O.J. (L 215) 7.

7 Notice of Availability of Privacy Shield Framework Documents, 81 Fed. Reg. 51,041 (Aug. 2, 2016).

8 Commission Decision 2016/1250, 2016 O.J. (L 207) 1.

9 Consolidated Versions of the Treaty on European Union and the Treaty on the Functioning of the European Union, 2010 O.J. (C83); 2012 O.J. (C326).

10 Case C-311/18, supra note 1, ¶ 87.

11 Case C-623/17, Privacy International v. Secretary of State for Foreign and Commonwealth Affairs and Others, ECLI:EU:C:2020:790 (Oct. 6, 2020); Joined Cases C-511/18, C-512/18 and C520/18, La Quadrature du Net and Others, Judgment of the Court, ECLI:EU:C:2020:791 (Oct. 6, 2020), http://curia.europa.eu/juris/document/document.jsf?text=&docid=232084&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=12565712.

12 Charter of Fundamental Rights of the European Union: 2010 O.J. (C83) 389. Proclaimed by the Commission, 7 December 2000. Proclamation and text at 2000 O.J. (C364) 1.

13 FISA Amendments Act of 2008, Pub. L. No. 110-261, 122 Stat. 2436.